Even technologies designed to preserve privacy can reveal identities when not used thoughtfully

Ross Ulbricht was convicted in a Manhattan federal court last week for his role operating the Silk Road online marketplace. He could serve 30 years or more behind bars.

The market Ulbricht built was based on an expectation of anonymity: Silk Road servers operated within an anonymous Tor network. Transactions between buyers and sellers were conducted in bitcoin. Everything was supposedly untraceable. Yet prosecutors presented a wealth of digital evidence to convince the jury that Ulbricht was Dread Pirate Roberts, the handle used by the chief operator of the site.

How was Ulbricht nabbed? At least some of the blame can be placed on what now seems like misplaced trust in a handful of technologies Ulbricht thought would shield his identity. These are five that tripped him up:

1. Bitcoin: If you assume your bitcoins can’t be traced back to you, think again. Like cash, bitcoins aren’t tied to a person’s identity. But unlike cash, a detailed public ledger called the blockchain keeps track of each wallet a bitcoin passes through. This case showed that all law enforcement needs to do is locate the wallets on each side of a transaction and follow the money.

In Silk Road’s case, prosecutors found it relatively trivial to track profits from Silk Road as they were transferred from wallets used by the online market to wallets on Ulbricht’s laptop. Silk Road offered a service, called a tumbler, that passed bitcoins through several intermediate wallets to obscure their origin and destination. Ulbricht either didn’t use the tumbler, or if he did, it didn’t help.

2. Chat logs: So much chatter. Thousands of pages of chat logs helped prosecutors trace the growth of Silk Road. Internal communication was carried out mostly through free software called TorChat. It provides an encrypted communication channel between two parties, using a Tor network to obscure the connection between them.

Although TorChat promises encrypted messaging, Ulbricht chose to save the logs in plain text on his computer, creating a trove of conversations with fellow Silk Road administrators. In example after example, the prosecution pointed to logs where the laptop user identified himself as Dread Pirate Roberts.

In TorChat, the user has to turn on the logging function for the chats to be saved in log files. Why Ulbricht chose this option is a mystery. Perhaps he thought law enforcement agents would never see the chats because they were on an encrypted hard drive.

3. Encryption: Encryption puts a digital padlock on information so it can’t be viewed. But eventually the person with the keys has to unlock the information in order to see it. That’s why law enforcement agents had to catch Ulbricht while he was logged into the SIlk Road’s admin console.

Because law enforcement agents snatched the laptop before Ulbricht had closed it, the contents of its hard drive were completely accessible to them, including the chat logs, a personal journal, Silk Road spreadsheets, and most importantly, Dread Pirate Roberts’ private encryption keys.

In the end, encryption did as much to betray Dread Pirate Roberts’ identity as to protect it.

Ulbricht had affixed Dread Pirate Roberts’ public encryption key to an untold number of Silk Road-related emails and forum posts. A public key allows someone to verify that a message comes from the person who claims to have sent it. On Ulbricht’s computer, in a folder marked “keys,” were the private keys used to sign Dread Pirate Roberts’ messages. Law enforcement had only to verify that the messages, many of them incriminating, came from Dread Pirate Roberts, by using the public key found on the laptop.

4. Facebook and other public websites: Ulbricht sowed the seeds of his demise the very first time he publicized the Silk Road. To get people interested in the the new site in January 2011, Ulbricht posted a message on the Bitcointalk.org forum, under the username Altoid, asking if anyone had tried the site.

Ulbricht (or someone else) later deleted the message, perhaps to cover his tracks. But another user had quoted Altoid’s message in their own post, and that message was found by an IRS agent with a simple Google search.

Ulbricht’s Facebook account also helped prosecutors. To make their case that Ulbricht was Dread Pirate Roberts, prosectors looked for times when the actions of Dread Pirate Roberts correlated closely with those of Ulbricht himself. In a chat with a fellow administrator in February 2012, Dread Pirate Roberts boasted of enjoying a vacation in Thailand. At the same moment, Ulbricht posted vacation pictures on Facebook ... from Thailand.

5. Automated server log-ins: The Silk Road servers were maintained in large part through ssh (Secure Shell), a tool that allows administrators to log into remote machines in a way that the communication is encrypted. Users can set up ssh hosts such that trusted parties can log in automatically without providing a password. A list of trusted parties is kept in a file on the server, along with their encrypted passkeys.

In the case of the SIlk Road servers, only two accounts had full administrative privileges. One was for a remote user called “frosty” who was able to connect from a machine also named “frosty.” As it happened, the laptop that law enforcement seized from Ulbricht at the time of his arrest was named “frosty” too. You get bonus points (though only a few) for guessing that Ulbricht was logged in as “frosty” on that laptop at the time of his arrest. In effect, his laptop had full administrative rights to the Silk Road operations.

Ulbricht’s defense lawyer, Joshua Dratel, pointed out to the jury that any computer could be given the name “frosty,” with a user account on it named “frosty.” But like a lot of other evidence in the case, while not definitive proof, the ssh accounts were part of a bigger picture that were enough to convince a jury of his guilt.